

I prefer Signal but here is my attempt to give an impartial list of pros for each one:

Signal has a more secure protocol. The Signal protocol is the state of the art in private communication. While Threema has end-to-end encryption and authentication, the Signal protocol goes beyond that to also give you perfect forward secrecy, post-compromise security, and plausible deniability. The way it does the first two is by having a "double ratchet algorithm" that constantly changes the encryption keys.

With Threema, if someone were to steal your encryption key, they would be able to decrypt all your past messages and they would have mathematical proof that it was you who wrote them. With Signal, the key is always changing and old keys are discarded. If someone steals your key today, they cannot use it to decrypt old messages. They can use it to decrypt the next few messages, but only until the key changes again. The key changes based on random numbers generated by both you and the person you are talking to in a way that even someone monitoring the conversation could not figure out the next key.

Finally, the authentication method of Signal messages is such that anyone capable of verifying the message signature is also capable of forging it. So if you message me, I can prove to myself that you wrote the message because only you and I have the shared secret to sign it, but I cannot prove it to someone else. So in other words, the cryptographic features of Signal are really compelling.

In addition, Signal is 100% open source; it has a long lineage in the cryptographic world, with some of its core concepts dating back to the OTR ("off the record") encryption from 2004, and the Signal protocol has been reviewed multiple times by the best security experts in the world. Finally, Signal is a non-profit made up of security advocates whose only goal is to ensure your security. They don't have a financial motivation to compromise your security. In fact, Signal actively helps other companies implement the Signal protocol. They helped WhatsApp and Skype implement their protocol. Signal doesn't keep any data about your communications except for the last time that you connected to them and it only stores the day.

Threema is located in Switzerland and they own their own servers which are also located in Switzerland. That protects them against a possible attack from the US government.
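
The key-changing behaviour of the double ratchet described above, as an added Python example (not Signal's code and not part of the original text). It assumes a toy finite-field Diffie-Hellman group in place of X25519 and HMAC-SHA512 in place of HKDF; the function names and the Alice/Bob roles are hypothetical.

```python
import hashlib, hmac, secrets

P, G = 2**255 - 19, 2  # toy finite-field DH group standing in for X25519 (assumption)

def dh_keypair():
    priv = secrets.randbelow(P - 2) + 1   # fresh randomness each side contributes
    return priv, pow(G, priv, P)

def dh(priv, peer_pub):
    return pow(peer_pub, priv, P).to_bytes(32, "big")

def kdf_root(root_key, dh_out):
    """DH ratchet: mix new DH output into the root key (HMAC-SHA512 in place of HKDF)."""
    out = hmac.new(root_key, dh_out, hashlib.sha512).digest()
    return out[:32], out[32:]             # (new root key, new chain key)

def kdf_chain(chain_key):
    """Symmetric ratchet: one-way step returning (next chain key, message key)."""
    return (hmac.new(chain_key, b"\x02", hashlib.sha256).digest(),
            hmac.new(chain_key, b"\x01", hashlib.sha256).digest())

def simulate():
    root = secrets.token_bytes(32)        # constructed stand-in for the handshake secret
    a_priv, a_pub = dh_keypair()
    b_priv, b_pub = dh_keypair()
    root, ck = kdf_root(root, dh(a_priv, b_pub))
    old_keys = set()
    for _ in range(3):                    # three messages already sent, keys discarded
        ck, mk = kdf_chain(ck)
        old_keys.add(mk)
    stolen_root, stolen_ck, stolen_priv = root, ck, a_priv   # state copied at this point

    ck, mk4 = kdf_chain(ck)               # next message on the same chain
    walk, thief_mk4 = kdf_chain(stolen_ck)
    forward = {thief_mk4}
    for _ in range(50):                   # stepping forward never reproduces old keys
        walk, k = kdf_chain(walk)
        forward.add(k)
    a_priv2, a_pub2 = dh_keypair()        # the key changes: Alice draws new randomness
    _, alice_ck = kdf_root(root, dh(a_priv2, b_pub))
    _, bob_ck = kdf_root(root, dh(b_priv, a_pub2))           # Bob derives the same chain
    _, stale_ck = kdf_root(stolen_root, dh(stolen_priv, b_pub))  # uses only the old state
    return {"next_message_exposed": thief_mk4 == mk4,
            "old_messages_exposed": bool(forward & old_keys),
            "peers_agree": kdf_chain(alice_ck)[1] == kdf_chain(bob_ck)[1],
            "exposed_after_ratchet": kdf_chain(stale_ck)[1] == kdf_chain(alice_ck)[1]}

if __name__ == "__main__":
    print(simulate())
```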
